10-06-2020 01:35 AM
Hello,
We are about to renew the ipsec certificate on a Unity cluster. I was wondering, once we get this completed, will users be asked to accept new certs on their Jabber (both PC & cell phones)?
Certificate name: ipsec.der
Unit: ipsec
Type: own-cert
Thanks.
10-06-2020 03:37 PM
You don't have to worry about it. The only thing an expired IP Security cert will stop is the DRS backups.
You can renew the IPsec root cert from the CUC pub and it will be replicated to the rest of the nodes. You will need to regenerate each of the expired IPsec service certs on all nodes individually. No service restart is needed!
This can be done during office hours. Done it many many times.
10-06-2020 01:41 AM
If user devices have installed the Root CA that signed your certificate, you won't get the certificate warning. If not, with the new certificate, users will be asked to accept.
10-06-2020 02:10 AM
Hi,
How can I make sure that user devices have the Root CA cert? The cert I am talking about is self-signed, so does that mean users will be asked to accept the new cert?
10-06-2020 07:10 AM
You need to download the certificate, and then distribute it to the devices, or have them accept the new certificate. This is covered in the Jabber documentation.
10-06-2020 09:21 PM
The above reply is related to certificate warnings. The certificate which you mentioned has no effect on Jabber users.
10-06-2020 10:10 AM
AFAIK the ipsec cert has no relevance for Jabber users.
10-06-2020 11:20 AM
You're absolutely right, missed that, it's Tomcat the one that is used with Jabber.
10-16-2020 03:43 AM - edited 10-16-2020 03:45 AM
Why did you only give 1 helpful vote on this? Second question: how does one even change the number of votes given? I've always seen that it gives 5 when you press the Star.
10-16-2020 07:18 AM
I have absolutely no idea, I just gave you a helpful vote on that last comment but it does that automatically, I don't do anything differently, just click on the star. I don't get to choose the number of stars/helpful votes. Not sure if that might be due to being a Cisco employee. I'll ask the CSC team about that.